ID

VAR-201211-0329


CVE

CVE-2012-3758


TITLE

Apple QuickTime Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2012-005304

DESCRIPTION

Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted transform attribute in a text3GTrack element in a QuickTime TeXML file.

These issues arise when the application handles specially crafted files. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts will cause denial-of-service conditions. Versions prior to QuickTime 7.7.3 are vulnerable on Windows 7, Vista, and XP. This BID is being retired.

Apple QuickTime is multimedia playback software developed by Apple. The software is capable of handling multiple sources such as digital video, media segments, and more.

----------------------------------------------------------------------

TITLE: Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA51226
VERIFY ADVISORY: http://secunia.com/advisories/51226/
RELEASE DATE: 2012-11-08

DESCRIPTION: Multiple vulnerabilities have been reported in Apple QuickTime, which can be exploited by malicious people to compromise a user's system.

1) A boundary error when processing a PICT file can be exploited to cause a buffer overflow.
2) An error when processing a PICT file can be exploited to corrupt memory.
3) A use-after-free error exists in the plugin when handling "_qtactivex_" parameters within an HTML object.
5) Some errors when processing TeXML files can be exploited to cause buffer overflows.
6) A boundary error when handling certain MIME types within a plugin can be exploited to cause a buffer overflow.
7) A use-after-free error exists in the ActiveX control when handling "Clear()" method.
8) A boundary error when processing a Targa file can be exploited to cause a buffer overflow.
9) A boundary error when processing the "rnet" box within MP4 files can be exploited to cause a buffer overflow.

The vulnerabilities are reported in versions prior to 7.7.3.

SOLUTION: Update to version 7.7.3.

PROVIDED AND/OR DISCOVERED BY: The vendor credits:
1) Mark Yason, IBM X-Force
2) Jeremy Brown, Microsoft and Microsoft Vulnerability Research (MSVR)
3, 7) chkr_d591 via iDefense VCP
4) Alexander Gavrun via ZDI
5) Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs
6) Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs
8) Senator of Pirates
9) Kevin Szkudlapski, QuarksLab

ORIGINAL ADVISORY: http://support.apple.com/kb/HT5581

----------------------------------------------------------------------

APPLE-SA-2012-11-07-1 QuickTime 7.7.3

QuickTime 7.7.3 is now available and addresses the following:

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of REGION records in PICT files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2011-1374 : Mark Yason of the IBM X-Force

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of PICT files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2012-3757 : Jeremy Brown at Microsoft and Microsoft Vulnerability Research (MSVR)

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the QuickTime plugin's handling of '_qtactivex_' parameters within an HTML object element. This issue was addressed through improved memory handling. This issue was addressed through improved bounds checking. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2012-3752 : Arezou Hosseinzad-Amirkhizi, Vulnerability Research Team, TELUS Security Labs

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the QuickTime plugin's handling of MIME types. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2012-3753 : Pavel Polischouk, Vulnerability Research Team, TELUS Security Labs

QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the QuickTime ActiveX control's handling of the Clear() method. This issue was addressed through improved memory management. This issue was addressed through improved bounds checking. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2012-3756 : Kevin Szkudlapski of QuarksLab

QuickTime 7.7.3 may be obtained from the QuickTime Downloads site: http://www.apple.com/quicktime/download/

The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 3123713755c0705babacf186f5c3571204ee3ae7

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.43

sources: NVD: CVE-2012-3758 // JVNDB: JVNDB-2012-005304 // BID: 56438 // BID: 56553 // VULHUB: VHN-57039 // PACKETSTORM: 117990 // PACKETSTORM: 117977

AFFECTED PRODUCTS

vendor: apple, model: quicktime, scope: eq, version: 5.0

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 3.0

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 6.1

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 5.0.2

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 6.0.0

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 6.0.1

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 6.0.2

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 6.0

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 4.1.2

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 5.0.1

Trust: 1.6

vendor: apple, model: quicktime, scope: eq, version: 7.6.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 6.5

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.2

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.9

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.4.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.4

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.2.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.3.1.70

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 6.4.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.5

Trust: 1.0

vendor: apple, model: quicktime, scope: lte, version: 7.7.2

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.7

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.4.5

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.5.5

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 6.5.2

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 6.5.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.0.4

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.7.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.6

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.5

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.5.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.2

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.2.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.3.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.4.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.6

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 6.1.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.3

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.7.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.6.8

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 6.5.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.3.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 6.2.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.0.0

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.1.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.0.3

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.0.1

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 7.0.2

Trust: 1.0

vendor: apple, model: quicktime, scope: eq, version: 6.3.0

Trust: 1.0

vendor: apple, model: quicktime, scope: lt, version: 7.7.3

Trust: 0.8

vendor: apple, model: quicktime player, scope: eq, version: 7.7.2

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.7.1

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.6.8

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.6.7

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.6.6

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.6.5

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.6.4

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.6.2

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.6.1

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.5.5

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.4.5

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.4.1

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.7

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.6.9

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.6

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.5

Trust: 0.6

vendor: apple, model: quicktime player, scope: eq, version: 7.4

Trust: 0.6

vendor: apple, model: quicktime player, scope: ne, version: 7.7.3

Trust: 0.3

sources: BID: 56438 // BID: 56553 // JVNDB: JVNDB-2012-005304 // CNNVD: CNNVD-201211-182 // NVD: CVE-2012-3758

CVSS

SEVERITY

nvd@nist.gov: CVE-2012-3758
value: HIGH

Trust: 1.0

NVD: CVE-2012-3758
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201211-182
value: CRITICAL

Trust: 0.6

VULHUB: VHN-57039
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2012-3758
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57039
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

sources: VULHUB: VHN-57039 // JVNDB: JVNDB-2012-005304 // CNNVD: CNNVD-201211-182 // NVD: CVE-2012-3758

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-57039 // JVNDB: JVNDB-2012-005304 // NVD: CVE-2012-3758

THREAT TYPE

network

Trust: 0.6

sources: BID: 56438 // BID: 56553

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201211-182

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005304

PATCH

title: APPLE-SA-2012-11-07-1, url: http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html

Trust: 0.8

title: HT5581, url: http://support.apple.com/kb/HT5581

Trust: 0.8

title: HT5581, url: http://support.apple.com/kb/HT5581?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2012-005304

EXTERNAL IDS

db: NVD, id: CVE-2012-3758

Trust: 3.2

db: SECUNIA, id: 51226

Trust: 1.8

db: JVN, id: JVNVU91379555

Trust: 0.8

db: JVNDB, id: JVNDB-2012-005304

Trust: 0.8

db: CNNVD, id: CNNVD-201211-182

Trust: 0.7

db: APPLE, id: APPLE-SA-2012-11-07-1

Trust: 0.6

db: BID, id: 56553

Trust: 0.4

db: BID, id: 56438

Trust: 0.3

db: VULHUB, id: VHN-57039

Trust: 0.1

db: PACKETSTORM, id: 117990

Trust: 0.1

db: PACKETSTORM, id: 117977

Trust: 0.1

sources: VULHUB: VHN-57039 // BID: 56438 // BID: 56553 // JVNDB: JVNDB-2012-005304 // PACKETSTORM: 117990 // PACKETSTORM: 117977 // CNNVD: CNNVD-201211-182 // NVD: CVE-2012-3758

REFERENCES

url:http://support.apple.com/kb/ht5581

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2012/nov/msg00002.html

Trust: 1.7

url:http://secunia.com/advisories/51226

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15951

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/79898

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3758

Trust: 0.8

url:http://jvn.jp/cert/jvnvu91379555/

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3758

Trust: 0.8

url:http://www.apple.com/quicktime/

Trust: 0.6

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=51226

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/advisories/51226/#comments

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/51226/

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3757

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3753

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3756

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3752

Trust: 0.1

url:http://www.apple.com/quicktime/download/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3755

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:http://support.apple.com/kb/ht1222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3754

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1374

Trust: 0.1

url:http://gpgtools.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3751

Trust: 0.1

sources: VULHUB: VHN-57039 // BID: 56438 // BID: 56553 // JVNDB: JVNDB-2012-005304 // PACKETSTORM: 117990 // PACKETSTORM: 117977 // CNNVD: CNNVD-201211-182 // NVD: CVE-2012-3758

CREDITS

Mark Yason from IBM X-Force, Jeremy Brown from Microsoft and Microsoft Vulnerability Research (MSVR), chkr_d591 via iDefense VCP, Alexander Gavrun via ZDI, Arezou Hosseinzad-Amirkhizi and Pavel Polischouk from Vulnerability Research Team, TELUS Security La

Trust: 0.3

sources: BID: 56438

SOURCES

db: VULHUB, id: VHN-57039
db: BID, id: 56438
db: BID, id: 56553
db: JVNDB, id: JVNDB-2012-005304
db: PACKETSTORM, id: 117990
db: PACKETSTORM, id: 117977
db: CNNVD, id: CNNVD-201211-182
db: NVD, id: CVE-2012-3758

LAST UPDATE DATE

2025-04-11T21:04:14.884000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-57039, date: 2017-09-19T00:00:00
db: BID, id: 56438, date: 2012-11-07T00:00:00
db: BID, id: 56553, date: 2012-11-07T00:00:00
db: JVNDB, id: JVNDB-2012-005304, date: 2012-11-13T00:00:00
db: CNNVD, id: CNNVD-201211-182, date: 2012-11-14T00:00:00
db: NVD, id: CVE-2012-3758, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-57039, date: 2012-11-09T00:00:00
db: BID, id: 56438, date: 2012-11-07T00:00:00
db: BID, id: 56553, date: 2012-11-07T00:00:00
db: JVNDB, id: JVNDB-2012-005304, date: 2012-11-13T00:00:00
db: PACKETSTORM, id: 117990, date: 2012-11-09T07:09:28
db: PACKETSTORM, id: 117977, date: 2012-11-08T23:46:07
db: CNNVD, id: CNNVD-201211-182, date: 2012-11-09T00:00:00
db: NVD, id: CVE-2012-3758, date: 2012-11-09T19:55:01.770